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2. **** shows the word which can not be translated. 
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CLAIMS 



[Claim(s)] 

[Claim 1]A management table which stores confidential information which is a 
confidential information controlling method in a database which manages enciphered 
confidential information, and was enciphered by said database, a set (an item of one 
sequence in one line.) of a specific value of this management table A key table which 
stores a hash value of this set for which set correspondence of a specific value of a 
key, an encryption algorithm identifier, and this management table used in order to 
encipher each value belonging to this set to correspondences, such as a line and a 
sequence, was asked is provided. Give a serial number to this management table and a 
key table for every line, and it relates with them mutually, A serial number is created 
at the time of registration of confidential information to said database, Confidential 
information which creates a key for enciphering confidential information to register 
using a random number, and registers it into said management table with a this 
created key is enciphered using a cryptographic algorithm, Enciphered this 
confidential information is registered into said management table with said serial 
number, Said hash value which is enciphered with a key encryption key used for 
encryption of all the keys which enciphered confidential information which is the key 
created apart from a this created key, and registers said created key into a 
management table, and is used for search of enciphered confidential information is 
calculated, A confidential information controlling method in a database registering into 
said key table a key for encryption of confidential information enciphered by this key 
encryption key, an identifier of said cryptographic algorithm, and a hash value for said 
search with said serial number. 
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[Claim 2] In the confidential information controlling method according to claim 1, at the 
time of search of confidential information registered into said database. Calculate a 
hash value of a search condition and a condition coincidence line which has a hash 
value which is in agreement with a hash value of this search condition is taken out 
from said key table, A key for encryption of confidential information enciphered by 
said key encryption key and a group of an encryption algorithm identifier are taken out 
from this condition coincidence line, A key for encryption of confidential information 
enciphered by this taken-out key encryption key is decoded with this key encryption 
key, A confidential information controlling method in a database enciphering said 
search condition by a cryptographic algorithm corresponding to a this decoded key 
and said encryption algorithm identifier, and searching said management table 
according to a this enciphered search condition. 

[Claim 3]After searching confidential information which is in agreement with a search 
condition in a confidential information controlling method in the database according to 
claim 2, The new key for enciphering searched this confidential information is created 
using a random number, Confidential information this searched with a created this key 
is newly enciphered using a cryptographic algorithm, enciphering a created this key 
with said key encryption key — this — a management table by newly enciphered 
confidential information, [ update and ] A confidential information controlling method 
in a database updating a key table by an identifier of the new key for encryption 
enciphered with said key encryption key, and said cryptographic algorithm. 
[Claim 4] In a confidential information controlling method in the database according to 
claim 2, at the time of renewal of confidential information registered into said database. 
Input confidential information before updating, and confidential information after 
updating, and a database is searched by confidential information before updating, A 
serial number of said management table in which confidential information before 
renewal of this exists is acquired, A key for enciphering confidential information after 
said updating is created using a random number, Confidential information after 
renewal of this is enciphered using a cryptographic algorithm with a created this key, 
A key which registered confidential information after enciphered this updating into a 
line of said acquired serial number of said management table, enciphered said created 
key with said key encryption key, and was enciphered with this key encryption key, A 
confidential information controlling method in a database registering an identifier of 
said cryptographic algorithm into a line of said acquired serial number of said key table. 
[Claim 5]A confidential information controlling device of a database which manages 
enciphered confidential information characterized by comprising the following. 
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A management table which stores enciphered confidential information in said 
database. 

a set (an item of one sequence in one line.) of a specific value of this management 
table It has a key table which stores a hash value of this set for which set 
correspondence of a specific value of a key, an encryption algorithm identifier, and 
this management table used in order to encipher each value belonging to this set to 
correspondences, such as a line and a sequence, was asked, A means to give a serial 
number to this management table and a key table for every line, to relate mutually, and 
to create a serial number at the time of registration of confidential information. 
A means to encipher confidential information which creates a key for enciphering 
confidential information to register using a random number, and registers it into said 
management table with a this created key using a cryptographic algorithm. 
A means to register enciphered this confidential information into said management 
table with said serial number, A means to encipher with a key encryption key used for 
encryption of all the keys which enciphered confidential information which is the key 
created apart from a this created key, and registers said created key into a 
management table, A means to calculate said hash value used for search of 
enciphered confidential information, A key for encryption of confidential information 
enciphered by this key encryption key, and an identifier of said cryptographic 
algorithm, A means to register a hash value for said search into said key table with 
said serial number, A means which calculates a hash value of a search condition at the 
time of search of confidential information, and takes out a condition coincidence line 
which has a hash value which is in agreement with a hash value of this search 
condition from said key table, A means which takes out a key for encryption of 
confidential information enciphered by said key encryption key, and a group of an 
encryption algorithm identifier from this condition coincidence line, A means to 
decode a key for encryption of confidential information enciphered by this taken-out 
key encryption key with this key encryption key, A means to encipher said search 
condition by a cryptographic algorithm corresponding to a this decoded key and said 
encryption algorithm identifier, and to search said management table according to a 
this enciphered search condition. 

[Claim 6]A confidential information controlling device of the database according to 
claim 5 characterized by comprising the following. 

A means to acquire a serial number of said management table which searches a 
database by confidential information before inputted updating at the time of renewal 
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of confidential information and in which confidential information before renewal of this 
exists. 

A means to create a key for enciphering confidential information after inputted 
updating using a random number, and to encipher confidential information after 
renewal of this using a cryptographic algorithm with a this created key. 
A means to register confidential information after enciphered this updating into a line 
of said acquired serial number of said management table. 

A means to encipher said created key with said key encryption key, a key enciphered 
with this key encryption key, and a means to register an identifier of said 
cryptographic algorithm into a line of said acquired serial number of said key table. 

[Claim 7] It is the recording medium which recorded enciphered confidential 
information and key information used for encryption and in which computer reading is 
possible, Said enciphered confidential information is recorded on a management table, 
and key information used for said encryption is recorded on a key table, and said 
management table, Consist of two or more lines and two or more sequences, it is 
recorded by group of confidential information enciphered by each line correspondence, 
and said key table, a set (an item of one sequence in one line.) of a value with said 
specific management table which consists of two or more lines and two or more 
sequences A hash value of this set for which set correspondence of a specific value 
of a key, an encryption algorithm identifier, and this management table used in order to 
encipher each value belonging to this set to correspondences, such as a line and a 
sequence, was asked is recorded, A recording medium which recorded enciphered 
confidential information, wherein a serial number which associates a line of a 
management table and a line of a key table mutually is recorded on each line of said 
management table and a key table, and key information used for encryption and in 
which computer reading is possible. 

[Claim 8]a set (an item of one sequence in one line.) of a specific value of a 
management table which stores enciphered confidential information, and this 
management table It has a key table which stores a hash value of this set for which 
set correspondence of a specific value of a key, an encryption algorithm identifier, and 
this management table used in order to encipher each value belonging to this set to 
correspondences, such as a line and a sequence, was asked. It is the recording 
medium which recorded a confidential information control program which manages a 
database which gave a serial number for every line, was associated mutually, and was 
used as this management table and a key table and in which computer reading is 
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possible, A procedure which creates a serial number at the time of registration of 
confidential information to said database, A procedure which enciphers confidential 
information which creates a key for enciphering confidential information to register 
using a random number, and registers it into said management table with a this 
created key using a cryptographic algorithm, A procedure of registering enciphered 
this confidential information into said management table with said serial number, A 
procedure enciphered with a key encryption key used for encryption of all the keys 
which enciphered confidential information which is the key created apart from a this 
created key, and registers said created key into a management table, and a procedure 
which calculates said hash value used for search of enciphered confidential 
information, A recording medium which recorded a confidential information control 
program which performs a procedure of registering into said key table a key for 
encryption of confidential information enciphered by this key encryption key, an 
identifier of said cryptographic algorithm, and a hash value for said search with said 
serial number and in which computer reading is possible. 
[Claim 9]a set (an item of one sequence in one line.) of a specific value of a 
management table which stores enciphered confidential information, and this 
management table It has a key table which stores a hash value of this set for which 
set correspondence of a specific value of a key, an encryption algorithm identifier, and 
this management table used in order to encipher each value belonging to this set to 
correspondences, such as a line and a sequence, was asked, It is the recording 
medium which recorded a confidential information control program which manages a 
database which gave a serial number for every line, was associated mutually, and was 
used as this management table and a key table and in which computer reading is 
possible, A procedure which calculates a hash value of a search condition at the time 
of search of confidential information to said database, and takes out a condition 
coincidence line which has a hash value which is in agreement with a hash value of 
this search condition from said key table, A procedure which takes out a key for 
encryption of confidential information enciphered by a key encryption key used for 
encryption of all the keys which enciphered confidential information, and a group of an 
encryption algorithm identifier from this condition coincidence line, Said search 
condition is enciphered by a cryptographic algorithm corresponding to a procedure 
which decodes a key for encryption of confidential information enciphered by this 
taken-out key encryption key with this key encryption key, a this decoded key, and 
said encryption algorithm identifier, A recording medium which recorded a confidential 
information control program which performs a procedure of searching said 
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management table according to an enciphered this search condition and in which 
computer reading is possible. 

[Claim 10]a set (an item of one sequence in one line.) of a specific value of a 
management table which stores enciphered confidential information, and this 
management table It has a key table which stores a hash value of this set for which 
set correspondence of a specific value of a key, an encryption algorithm identifier, and 
this management table used in order to encipher each value belonging to this set to 
correspondences, such as a line and a sequence, was asked, It is the recording 
medium which recorded a confidential information control program which manages a 
database which gave a serial number for every line, was associated mutually, and was 
used as this management table and a key table and in which computer reading is 
possible, A procedure which acquires a serial number of said management table which 
searches a database by confidential information before inputted updating at the time 
of renewal of confidential information registered into said database, and in which 
confidential information before renewal of this exists, A procedure which creates a 
key for enciphering confidential information after inputted updating using a random 
number, and enciphers confidential information after renewal of this using a 
cryptographic algorithm with a this created key, A procedure of registering 
confidential information after enciphered this updating into a line of said acquired 
serial number of said management table, and a procedure enciphered with a key 
encryption key which uses said created key for encryption of all the keys which 
enciphered confidential information, A recording medium which recorded a confidential 
information control program which performs a key enciphered with this key encryption 
key, and a procedure of registering an identifier of said cryptographic algorithm into a 
line of said acquired serial number of said key table and in which computer reading is 
possible. 



[Translation done.] 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the method of enciphering in a 
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database, registering confidential information and managing it. 
[0002] 

[Description of the Prior Art]The database is used in various fields, such as a credit 
company and a bank, these days. The certificate authority which especially attests 
electronic commerce technology these days also has a database which manages the 
confidential information of individuals, such as a name and a credit number, for 
attestation. Since such a database is treating the confidential information about an 
individual, it has prevented disclosure of data by making it not grant only a specific 
individual like a database administrator the right to access which can operate a 
database, for example. However, even when the right to access to a database is set up, 
an inaccurate invader carries out unjustly the memory storage which recorded the 
database, and there is a danger that data will be revealed, by seeing the contents of 
this device directly. Then, it is possible by enciphering and registering specific 
information, including a name, a credit number, etc., decoding, when taking out 
information, and acquiring the original information to secure security. Thus, if the key 
for decoding is not stolen even if the device with which the database was recorded by 
enciphering specific information suits a theft, the danger that information will be 
revealed decreases substantially. Conventionally, the whole database was enciphered 
using one specific key to encryption of such information. 

[0003]There are some which are indicated by "JP,8-329Q1 1,A" as an example of the 
art which enciphers a database. The example of this well-known example comprises a 
network system which connects a database, a lock management center, 1 next user, 
and 2 next users mutually. 1 next user enciphers copyright information, stores in a 
database, and stores a key in a lock management center. When 2 next users use the 
copyright information, an encryption key is got from a lock management center, and 
the method then charged is proposed. The lock management center of this 
well-known example has managed the key by performing matching of the key currently 
kept and a copyright label. 
[0004] 

[Problem(s) to be Solved by the Invention]At a Prior art, in the database which 
enciphered the whole database with one specific encryption key, when the encryption 
key suits a theft simultaneously with the device with which the database was 
recorded, the whole database is decoded and there is a danger that confidential 
information will be revealed. When an encryption key suits a theft during operation of a 
database, an unauthorized entry person may decode data using this key. Therefore, it 
will be necessary to change an encryption key in these situations and to prevent 
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disclosure of data. In order to change an encryption key, access from the user to a 
database is forbidden, and once decrypting all the data in a database, it must 
reencipher with a new encryption key. The more the scale of a database becomes 
large, this work takes time and, the more the user cannot access a database in the 
meantime. Since the number of the keys which have enciphered the database is one 
when one of the data enciphered even if a key furthermore did not meet a theft is 
decoded, there is a danger that all other data will be decoded. 

[0005]In a Prior art, when a firmer encryption algorithm tends to be adopted and it is 
going to raise security during operation of a database, it is difficult to change an 
encryption algorithm. It is because user access to a database is once forbidden also in 
this case and all the data must be reenciphered by a new encryption algorithm. In the 
method which enciphers the conventional database as stated above, Since the 
number of the keys which encipher a database is one, when the key suits a theft, Even 
if there is a danger that all the databases enciphered with the key will be decoded, and 
confidential information will be revealed and the firm encryption algorithm was 
invented by in the enciphered database operation, there was a problem that it was 
difficult to change the encryption algorithm of a database into the method. 
[00Q6]In the method which enciphers a database, this invention provides the 
confidential information managing system of the safe database which does not reveal 
the contents of the database, It aims at enabling it to enable it to make a change of an 
encryption key or an encryption algorithm easily also during database operation, and 
to use two or more encryption algorithms and two or more encryption keys. 
[0007] 

[Means for Solving the Problem]A management table which stores confidential 
information which this invention is a confidential information controlling method in a 
database which manages enciphered confidential information, and was enciphered by 
said database in order to attain the above-mentioned purpose, a set (an item of one 
sequence in one line.) of a specific value of this management table A key table which 
stores a hash value of this set for which set correspondence of a specific value of a 
key, an encryption algorithm identifier, and this management table used in order to 
encipher each value belonging to this set to correspondences, such as a line and a 
sequence, was asked is provided, Give a serial number to this management table and a 
key table for every line, and it relates with them mutually, A serial number is created 
at the time of registration of confidential information to said database. Confidential 
information which creates a key for enciphering confidential information to register 
using a random number, and registers it into said management table with a this 
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created key is enciphered using a cryptographic algorithm, Enciphered this 
confidential information is registered into said management table with said serial 
number, Said hash value which is enciphered with a key encryption key used for 
encryption of all the keys which enciphered confidential information which is the key 
created apart from a this created key, and registers said created key into a 
management table, and is used for search of enciphered confidential information is 
calculated, He is trying to register into said key table a key for encryption of 
confidential information enciphered by this key encryption key, an identifier of said 
cryptographic algorithm, and a hash value for said search with said serial number. 
[0008]A hash value of a search condition is calculated at the time of search of 
confidential information registered into said database, A condition coincidence line 
which has a hash value which is in agreement with a hash value of this search 
condition is taken out from said key table, A key for encryption of confidential 
information enciphered by said key encryption key and a group of an encryption 
algorithm identifier are taken out from this condition coincidence line, A key for 
encryption of confidential information enciphered by this taken-out key encryption 
key is decoded with this key encryption key, Said search condition is enciphered by a 
cryptographic algorithm corresponding to a this decoded key and said encryption 
algorithm identifier, and it is made to search said management table according to a 
this enciphered search condition. 

[0009]After searching confidential information which is in agreement with a search 
condition, the new key for enciphering this searched confidential information is 
created using a random number, Confidential information this searched with a created 
this key is newly enciphered using a cryptographic algorithm, enciphering a created 
this key with said key encryption key — this — he updates a management table by 
newly enciphered confidential information, and is trying to update a key table by an 
identifier of the new key for encryption enciphered with said key encryption key, and 
said cryptographic algorithm 

[001 0] Confidential information before updating and confidential information after 
updating are inputted at the time of renewal of confidential information registered into 
said database, Search a database by confidential information before updating, and a 
serial number of said management table in which confidential information before 
renewal of this exists is acquired, A key for enciphering confidential information after 
said updating is created using a random number, Confidential information after 
renewal of this is enciphered using a cryptographic algorithm with a created this key, 
A key which registered confidential information after enciphered this updating into a 
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line of said acquired serial number of said management table, enciphered said created 
key with said key encryption key, and was enciphered with this key encryption key, He 
is trying to register an identifier of said cryptographic algorithm into a line of said 
acquired serial number of said key table. 
[0011] 

[Embodiment of the Invention]First, the principle of this invention is explained. The 
item of one sequence in one line of a management table and a management table for 
the database which manages confidential information to store the enciphered 
confidential information (below) It has the key used in order to encipher each value 
which belongs to this set for every set of specific values called the field, such as a line 
or a sequence, and a key table which stores an encryption algorithm identifier. Said 
management table and the key table store the serial number which associates the line 
of two tables, respectively, and the hash value calculated to the value which combined 
the set of the specific value of said management table is also stored in a key table. In 
registration of the enciphered confidential information, the key (below, a data 
encryption key is called) for enciphering confidential information is first created using 
a random number. The confidential information registered into a management table 
using the data encryption key is enciphered. There are MULTI2, DES (Data Encryption 
Standard), etc. as an example of such a key. Said data encryption key is enciphered 
using another key (below, a key encryption key is called) used for encryption of all the 
keys which enciphered the confidential information which is the key created apart 
from the key which enciphers confidential information, and is registered into a 
management table. And it calculates from the confidential information before 
enciphering the hash value used for search of confidential information. A serial 
number is generated, the confidential information enciphered as the serial number is 
registered into a management table, and a serial number, a data encryption key, an 
encryption algorithm identifier, and a hash value are registered into a key table. 
[0012]When a serial number is specified as a search condition, the serial number is 
searched in a key table, the data encryption key enciphered as the encryption 
algorithm identifier which is in agreement with the serial number is picked out from a 
key table, and the data encryption key enciphered with the key encryption key is 
decoded. Next, a serial number is searched in a management table, the enciphered 
confidential information which is in agreement with a serial number is taken out from a 
management table, and the confidential information is decoded using said data 
encryption key by said cryptographic algorithm. When only confidential information is 
specified as a search condition, the hash value of a search condition is calculated first. 
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A search condition is enciphered as the enciphered data encryption key which 
searches a key table by the hash value, and is in agreement with the hash value, and 
the data encryption key which took out all encryption algorithm identifiers and 
decoded said enciphered data encryption key by an encryption algorithm. Next, a 
management table is searched using the enciphered search condition, and when the 
line containing confidential information in agreement is found, confidential information 
other than a search condition is decoded using the key and encryption algorithm 
identifier which decoded the enciphered data encryption key of everything but the key 
table corresponding to the serial number of the line. 

[0013]The principle explained above is further explained using an example. The 
example of the management table used by this example is shown in drawing 2 , and the 
key table corresponding to the management table is shown in drawing 3 , The sequence 
of a management table is constituted and in a serial number, a name, a telephone 
number, and an address the sequence of a key table, It comprises an encryption key of 
a serial number, the hash value of a name, a name encryption algorithm identifier, the 
encryption key of a name, the hash value of a telephone number, a telephone number 
encryption algorithm identifier, the encryption key of a telephone number, the hash 
value of an address, an address encryption algorithm identifier, and an address. In 
drawing 2 and drawing 3 , the character of top-and-bottom reverse shows the data 
enciphered. It is stored in the management table of drawing 2 without enciphering a 
name and a telephone number and enciphering an address. A name, a telephone 
number, each hash value of an address, an encryption algorithm identifier, and an 
encryption key are stored in the key table of drawing 3 , among these the encryption 
key is enciphered and stored in it. 

[001 4] By this example, the line 205 of "12" is stored [ the sequence of the item 200 
of a serial number ] in the management table for the sequence of the line 204 of "1 1 ", 
and the item 200 of a serial number, and the sequence of the item 300 of a serial 
number The "11" lines 310, A procedure in case the sequence of the item 300 of a 
serial number newly registers a name "day rikka child", a telephone number 
"987-6543", and the address "Tokyo" into a database in the state where the line 31 1 
of "12" is stored in the key table 108 is explained. First, the key for enciphering a "day 
rikka child" and "987-6543" is created using a random number, respectively, and 
"315TK8" and "123ABD" are calculated. Next, it enciphers by the newest 
cryptographic algorithm in which an enciphered program has a "day rikka child" using 
the created key "315TK8", and "987-6543" is enciphered by said cryptographic 
algorithm using a key "123ABD." Next, the hash value "502" is calculated from a "day 
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rikka child", the hash value "143" is calculated from "987-6543" and the hash value 
"123" is calculated from "Tokyo." A key "315TK8" and "123ABD" are enciphered 
with a key encryption key. The serial number "13" which connects the line of a 
management table and a key table is generated, The "day rikka child" enciphered by 
the item 207 of the serial number of a management table at the item 208 of "13" and 
a name, "Tokyo" is registered into the item 210 of "987-6543" and an address 
enciphered by the item 209 of the telephone number. In the item 312 of the serial 
number of a key table at the item 313 of the hash value of "13" and a name "502", 
"315TK8" enciphered by the item 314 of the encryption algorithm identifier of a name 
at the item 315 of the encryption key of "2" and a name, In the item 316 of the hash 
value of a telephone number at the item 317 of "143" and the encryption algorithm 
identifier of a telephone number "2", "0" is registered into the item 319 of the hash 
value of "123ABD" enciphered by the item 318 of the encryption key of a telephone 
number, and an address at the item 320 of "123" and the encryption algorithm 
identifier of an address. 

[001 5] Next, the case where a name searches the telephone number of "Hitachi 2 **" 
is explained from this confidential information database (a management table and a 
key table). First, a hash value is calculated from "Hitachi 2 **", and the hash value 
"359" is calculated. "359" is searched with the hash value of the name of a key table, 
and data encryption key "ZXB515" 323 enciphered as the encryption algorithm 
identifier "1" 322 are taken out. Next, a data encryption key is decoded with a key 
encryption key. Decoded encryption key "ZXB515" The search condition "Hitachi 2 
**" of a name is enciphered as 323 using encryption algorithm identifier "1" 322. A 
management table is searched using the search condition of enciphered "Hitachi 2 
**." Search "Hitachi 2 **" enciphered in the management table, and serial number 
"12" 21 1 of the line are taken out, The serial number "12" The telephone number as 
which "Hitachi 2 **" on a management table was enciphered using the key which 
decoded the data encryption key "01ER88" enciphered using 21 1 as encryption 
algorithm identifier "1" 324 of the telephone number of a key table with the key 
encryption key is decrypted. 

[0016]Next, the case where a data encryption key which uses the same data 
encryption key for each of the value contained in each line, and is different for every 
line is used is explained. The example of the management table and key table in this 
case is shown in drawing 4 and drawing 5 . Drawing 4 is an example of the management 
table enciphered for every line. Although the table format of drawing 4 is the same as 
drawing 2 , unlike drawing 2, the unit enciphered and stored has become for every line. 
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In drawing 4 , the character of top-and-bottom reverse shows the data enciphered. 
The example of the key table corresponding to the management table of drawing 4 is 
shown in drawing 5 . The key table of drawing 5 has the hash value, encryption 
algorithm identifier, and data encryption key of the value which connected the serial 
number, and a name and a telephone number in a sequence. Since a key table has the 
key enciphered for every line, only a hash value, an encryption algorithm identifier, and 
one encryption key exist for every line. In drawing 5 , the character of top-and-bottom 
reverse shows the data enciphered. The sequence 500 of the item of a serial number 
stores the serial number for associating the line of a management table and a key 
table. Although the name and the hash value calculated combining two of telephone 
numbers are stored in a name and the sequence 501 of the item of the hash value of a 
telephone number in drawing 5 , it may be made for this to calculate a hash value from 
one only of the names. A database with the structure of the management table of 
drawing 4 and the key table of drawing 5 enables it to encipher with a respectively 
different data encryption key for every line. 

[001 7] By this example, the line 405 of "12" is stored [ the sequence 400 of the item 
of a serial number ] in the management table for the sequence 400 of the line 404 of 
"11", and the item of a serial number, and the sequence 500 of the item of a serial 
number The "11" lines 504, A procedure in case the sequence 500 of the item of a 
serial number newly registers a name "day rikka child", a telephone number 
"987-6543", and the address "Tokyo" into a database in the state where the line 505 
of "12" is stored in the key table is explained. First, the key for enciphering a "day 
rikka child", "987-6543", and "Tokyo" is created one using a random number, and 
"315TK8" is calculated. Next, it enciphers by the newest cryptographic algorithm in 
which an enciphered program has a "day rikka child", "987-6543", and "Tokyo" using 
the created key "315TK8", respectively. Next, the hash value "532" is calculated 
from a "day rikka child" and "987-6543." The key "315TK8" is enciphered with a key 
encryption key. The serial number "13" which connects the line of a management 
table and a key table is generated, The "day rikka child" enciphered by the item 407 of 
the serial number of a management table at the item 408 of "13" and a name, 
"987-6543" enciphered by the item 409 of the telephone number and "Tokyo" 
enciphered by the item 410 of the address are registered, "315TK8" which was 
enciphered by the item 506 of the serial number of a key table at the item 507 of the 
hash value of "13", a name, and a telephone number, and was enciphered by the item 
508 of "532" and an encryption algorithm identifier at the item 509 of "1" and an 
encryption key is registered. 
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[001 8] Next, a name explains the case where a telephone number searches the 
address of "123-4567" with "Hitachi 2 **" from this confidential information 
database (a management table and a key table). When retrieving the information 
enciphered in the database enciphered for every line, all the items used in order to 
calculate a hash value are specified in a search condition, and if they are practice 
****, there are. [ no ] First, hash is calculated from "Hitachi 2 **" and "123-4567", 
and the hash value "459" is calculated. "459" is searched with the name of a key 
table, and the hash value of a telephone number, and the data encryption key 
"PB24CS" 513 enciphered as the encryption algorithm identifier "1" 512 is taken out. 
Next, a data encryption key is decoded with a key encryption key. 
[0019]The search condition which enciphered "Hitachi 2 **" and "123-4567" as the 
taken-out encryption key "PB24CS" 513 using encryption algorithm identifier "1" 
512 is created. A management table is searched using the enciphered search 
condition of "Hitachi 2 **" and "123-4567." If "Hitachi 2 **" enciphered in the 
management table and "123-4567" are searched and a line in agreement is shown in a 
management table, A serial number decrypts the address where the management 
table of the line of "12" was enciphered using the key and encryption algorithm which 
enciphered "Hitachi 2 **" and "123-4567." 

[0020]The example of a management table and a key table in case the specific set to 
encipher is a sequence is shown in drawing 6 and drawing 7 . It differs from drawing 2 in 
that the table format of drawing 6 does not have an item of a serial number. In drawing 
6, the character of top-a nd-b ott om reverse shows the data enciphered. In drawing 6, 
the data of the item 602 of an address is stored without being enciphered. The 
example of the key table corresponding to the management table of drawing 6 is 
shown in drawing 7 . In drawing 7 , the character of top-and-bottom reverse shows the 
data enciphered. Drawing 7 is an example of the key table in the case of using a data 
encryption key which uses the same data encryption key for each of the value 
contained in each sequence, and is different for every sequence. In this case, since all 
the lines use the same encryption key and encryption algorithm for every sequence, a 
hash value is not stored. With a database with the structure of the management table 
of drawing 6 , and the key table of drawing 7 , encryption of the database which has a 
respectively different encryption key for every sequence is attained. 
[0021] By this example, the line 603 and the line 604 of the management table are 
stored in the management table, and the line 71 1 explains the procedure in the case of 
newly registering a name "day rikka child", a telephone number "987-6543", and the 
address "Tokyo" into a database in the state where it is stored in the key table. First, 
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the key for enciphering a "day rikka child" and "987-6543" is acquired. Therefore, 
"24B-52C" and "SW610V" which were enciphered with the key encryption key, an 
encryption algorithm identifier "1", and "1" are acquired from a key table, and 
"24B-52C" and "SW610V" which were enciphered with the key encryption key are 
decoded with a key encryption key. Next, it enciphers by the cryptographic algorithm 
which took out the "day rikka child" from the key table using the acquired key 
"24B-52C", and "987-6543" is enciphered by said encryption algorithm using a key 
"SW610V." 

[0022] Next, the case where a name searches the telephone number of "Hitachi 2 **" 
is explained from this confidential information database (a management table and a 
key table). First, the data encryption key "24B-52C" 707 enciphered as encryption 
algorithm identifier "1" 706 of the name is picked out from a key table. Next, the 
enciphered data encryption key "24B-52C" is decoded with a key encryption key. The 
search condition "Hitachi 2 **" of a name is enciphered for said data encryption key 
"24B-52C" 707 using encryption algorithm identifier "1" 706. A management table is 
searched using the search condition of enciphered "Hitachi 2 **." The telephone 
number as which the line of "Hitachi 2 **" was enciphered is decrypted using what 
decrypted the encryption key "SW610V" 709 of the telephone number of a key table, 
and an encryption algorithm identifier "1." 

[0023]As mentioned above, in the database which enciphers and registers confidential 
information, a set (the item of one sequence in one line.) of the specific value of the 
management table which stores the enciphered confidential information, and this 
management table By managing using two of key tables which stores the hash value of 
this set for which the set correspondence of the specific value of a key, an encryption 
algorithm identifier, and this management table used in order to encipher each value 
belonging to this set to correspondences, such as a line and a sequence, was asked, It 
becomes possible to change an encryption key and an encryption algorithm for every 
set of the specific value of a management table. 

[0024] Hereafter, the first example of this invention is described using drawing 1 . This 
system comprises the client 100, LAN101, LAN adapter 102, and the server 103. The 
client 100 and the server 103 are connected by LAN101 via LAN adapter 102. The 
server 103 comprises CPU 104, the main memory 109, the bus 105, and the magnetic 
disk drive 106. The main memory 109 and the magnetic disk drive 106 are accessed 
via the bus 105 from CPU 104. In the main memory 109. The database management 
program 110, registration and an update control program 111, the search control 
program 112, the deletion control program 113, the data search program 114, 
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registration / updating preparation program 1 1 7, registration and a renewal condition 
preparing program 122, the registration execution program 123, The updating 
execution program 1 24, the search condition preparing program 1 1 5, the retrieval 
execution program 116, the deletion-conditions preparing program 126, the deletion 
execution program 127, and the key storage area 128 are stored. 
[0025]The data search program 114 comprises the search condition preparing 
program 115 and the retrieval execution program 116. Registration / updating 
preparation program 1 17 comprises the initial condition preparing program 1 18, the 
hash value calculation program 1 19, the enciphered program 120, and the key 
enciphered program 121. A search condition preparing program is hash value 
calculation program 119 and key acquisition programmed 125, and comprises the 
enciphered program 120. The management table 107 and the key table 108 are stored 
in the magnetic disk drive 106. 

[0026]Hereafter, in the system of the composition of drawing 1 , the outline of the 
registration processing of the data enciphered and stored in a database is explained. A 
user inputs the data registered into a database from the client 100. Registration and 
the update control program 1 1 1 are started, and the data which was inputted from the 
client 100 and to register is passed to registration and the update control program 111. 
Registration and the update control program 1 1 1 pass the data registered into 
registration / updating preparation program 117. Registration / updating preparation 
program 117 creates a serial number by the initial condition preparing program 118, 
Calculate hash of the data registered by the hash value calculation program 119, and 
the key which enciphers the data registered by the enciphered program 1 20 is created, 
The data registered by the newest encryption algorithm that the enciphered program 
120 has is enciphered, and it enciphers with the key which is in the key storage area 
128 by the encryption algorithm in which the key enciphered program 121 has a key to 
the encryption further. Registration / updating preparation program 1 1 7 passes the 
key which enciphered a serial number, the hash value of the data registered, the 
enciphered registration data, and the enciphered registration data, and the encryption 
algorithm identifier which enciphered registration data to registration and the update 
control program 111. Registration and the update control program 1 1 1 pass the key 
which enciphered a serial number, the hash value of the data registered, the 
enciphered registration data, and the enciphered registration data, and the encryption 
algorithm identifier which enciphered registration data to registration and the renewal 
condition preparing program 122. Registration and the renewal condition preparing 
program 122 create the SQL sentence for the management table 107 and the key 
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table 108 from the passed data, respectively, and passes it to registration and the 
update control program 111. Registration and the update control program 1 1 1 pass 
the SQL sentence created by registration and the renewal condition preparing 
program 122 to the registration execution program 123. The registration execution 
program 123 using the database management program 1 10 to the management table 
107. A serial number and the enciphered registration data are registered and a serial 
number, the hash value of the data registered, the key that enciphered the enciphered 
registration data, and the encryption algorithm identifier which enciphered registration 
data are registered into the key table 108. 

[002 7] Next, in this system of such composition, the outline of the retrieval processing 
of the data which was enciphered and was registered into the database is explained. A 
user inputs the data searched from the client 100. The search control program 1 12 is 
started and the data which was inputted from the client 100 and to search is passed 
to the search control program 112. The search control program 112 passes the data 
searched to the search condition preparing program 1 1 5. The search condition 
preparing program 115 calculates the hash value of the data searched by the hash 
value calculation program 119, and takes out the encryption key with which the line 
which is in agreement with said hash value from the key table 108 by the key 
acquisition program 125 was enciphered, and an encryption algorithm identifier. The 
enciphered data encryption key is decoded with a key encryption key. A search 
condition is enciphered by the decoded data encryption key and encryption algorithm 
identifier, and the SQL sentence for search is created. The search condition preparing 
program 1 15 passes the created SQL sentence to the search control program 112. 
The search control program 1 12 passes said SQL sentence to the retrieval execution 
program 116. The retrieval execution program 1 16 searches the data which is in 
agreement with the search condition enciphered using the database management 
program 110 from the management table 107. The database management program 110 
passes search results to the search control program 112. The search control program 
1 1 2 returns the search results which decoded search results and were decoded to the 
client 100. The client 100 displays search results on a screen. 

[002 8] Next, in this system of such composition, the outline of the update process of 
the data which was enciphered and was stored in the database is explained. A user 
inputs the data before updating, and the data after updating from the client 100. 
Registration and the update control program 1 1 1 are started, and the data before 
updating inputted from the client 100 and the data after updating are passed to 
registration and the update control program 111. Registration and the update control 
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program 1 1 1 pass the data before updating to the data search program 114. The data 
search plug rum 1 1 4 enciphers the data before updating by the search condition 
preparing program 1 1 5, takes out the serial number of the data before updating by the 
retrieval execution program 1 1 6, and passes it to registration and the update control 
program 1 11. Registration and the update control program 1 1 1 pass the data after a 
serial number and updating to registration / updating preparation program 117. 
Registration / updating preparation program 1 17 by the hash value calculation 
program 119. Calculate the hash value of the data after updating and the key which 
enciphers the data after updating by the enciphered program 120 is created, It 
enciphers by the newest encryption algorithm in which the enciphered program 120 
has data to update, and the key enciphered program 121 enciphers the key to the 
encryption further by the encryption algorithm which the key enciphered program 121 
has with the key encryption key in the key storage area 128. 
[0029] Registration / updating preparation program 117 passes the key which 
enciphered the hash value of the data after updating, the data after enciphered 
updating, and the data after enciphered updating, and the encryption algorithm 
identifier which enciphered the data after updating to registration and the update 
control program 111. Registration and the update control program 1 1 1 pass the key 
which enciphered a serial number, the hash value of the data after updating, the data 
after enciphered updating, and the data after enciphered updating, and the encryption 
algorithm identifier which enciphered the data after updating to registration and the 
renewal condition preparing program 122. Registration and the renewal condition 
preparing program 122 create the SQL sentence for the management table 107 and 
the key table 108 from the passed data, respectively, and passes it to registration and 
the update control program 111. Registration and the update control program 1 1 1 
pass the SQL sentence created by registration and the renewal condition preparing 
program 122 to the updating execution program 124. The database management 
program 1 10 is used for the updating execution program 124, The key and encryption 
algorithm identifier which enciphered the hash value of the data after updating as 
which the management table 107 was enciphered, and the data after renewal of the 
key table 108, and the data after enciphered updating are updated according to a 
serial number. 

[0030] Next, in this system of such composition, the outline of the deletion of the data 
which was enciphered and was stored in the database is explained. A user inputs the 
data deleted from the client 100. The deletion control program 1 13 is started and the 
data which was inputted from the client 100 and to delete is passed to this. The 
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deletion control program 113 passes the data to delete to the data search program 
114. The data search program 114 enciphers the data deleted by the search condition 
preparing program 115, takes out the serial number of the data deleted by the retrieval 
execution program 116, and passes it to the deletion control program 113. The 
deletion control program 1 13 passes said serial number to the deletion-conditions 
preparing program 126. The deletion-conditions preparing program 126 creates the 
SQL sentence for the management table 107 and the key table 108 from the passed 
data, respectively, and passes it to the deletion control program 113. The deletion 
control program 1 13 passes the SQL sentence created by the deletion-conditions 
preparing program 126 to the deletion execution program 127. The deletion execution 
program 1 27 deletes the line of the serial number passed from the management table 
107 and the key table 108 using the database management program 1 10. 
[003 1 ] Above-mentioned processing is explained still in detail using a flow chart. The 
following explanation explains the case where the management table of drawing 2 and 
the key table of drawing 3 are used as an example. Drawing 8 shows the registration 
processing flow of the data to the encryption database which registration / updating 
program 1 1 1 performs. 

[0032] Data registration processing consists of the registration data input step 800, 
the registration preparation step 801, the registration data SQL sentence creation 
step 802, and the database register step 803. In the registration data input step 800, a 
user reads the data which was inputted from the client 100 and to register. In the 
registration preparation step 801, a serial number is created, the hash value of the 
data to register is calculated, the data encryption key which enciphers the data to 
register is created, and the data registered with the data encryption key is enciphered. 
A data encryption key is enciphered with a key encryption key. In the registration data 
SQL sentence creation step 802, the SQL sentence registered into the management 
table 107 and the key table 108 is created from the serial number created by the 
registration preparation step 801, the calculated hash value, the enciphered data 
encryption key, and the enciphered data to register. In the database register step 803, 
the SQL sentence which the registration execution program 123 created at the 
registration data SQL sentence creation step 802 is performed, The data which was 
enciphered by the management table 107 as the serial number by the database 
management program 110 and to register is registered, and the key and encryption 
algorithm identifier which enciphered the registration data enciphered as the hash 
value of a serial number and registration data to the key table 108 are registered. 
[0033] Next, processing of the registration preparation step 801 is explained in detail 
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using the flow chart of drawing 9 . The registration preparation step 801 consists of 
the serial number creation step 900, the hash value calculation steps 901, the 
cryptographic algorithm determination step 902, the data encryption step 903, and the 
key encryption step 904. In the serial number creation step 900, the serial number 
which connects each line of the management table 107 and the key table 108 is 
created. The hash value of the data to register is calculated in the hash value 
calculation steps 901. In the cryptographic algorithm determination step 902, the 
enciphered program 1 20 determines the encryption algorithm used for this encryption. 
The enciphered program 1 20 can have two or more cryptographic algorithms, and he is 
trying to use in it the cryptographic algorithm most newly registered into the 
enciphered program 120 for encryption at the time of registration and updating. In the 
data encryption step 903, the data encryption key for enciphering the data to register 
is created, and the data registered with the data encryption key is enciphered. In the 
key encryption step 904, the key created at the data encryption step 903 is 
enciphered using the key encryption key in the key storage area 128. 
[0034] Drawing 10 shows the retrieval processing flow of the data to the encryption 
database which the search control program 1 12 performs. Data retrieval processing. 
The retrieved data input step 1000, the hash value calculation steps 1001, the search 
SQL sentence creation step 1002, the management table searching step 1003, the 
management table coincidence data check step 1004, the key table searching step 
1005, It consists of the key table coincidence data check step 1006, the 
search-results displaying step 1007, the serial number acquisition step 1008, and all 
the data decryption steps 1009. In the retrieved data input step 1000, a user reads the 
data which was inputted from the client 100 and to search. The hash value of the data 
to search is calculated in the hash value calculation steps 1001. The data encryption 
key with which the line which is in agreement with the hash value calculated by the 
hash value calculation steps 1001 in the search SQL sentence creation step 1002 was 
enciphered, An encryption algorithm identifier is taken out from the key table 108 (the 
SQL sentence about a hash value is created and it takes out from a key table), a data 
encryption key is decoded, retrieved data is enciphered with the decoded data 
encryption key, and the SQL sentence which searches a management table is created. 
The management table 107 is searched with the management table searching step 
1 003 by the SQL sentence created at the search SQL sentence creation step 1 002. 
In the management table coincidence data check step 1004, it is investigated whether 
the data which is in agreement with the SQL sentence created at the search SQL 
sentence creation step 1002 is shown in the management table 107. When the data 
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which is in agreement with the SQL sentence created at the search SQL sentence 
creation step 1002 is shown in the management table 107, it progresses to the serial 
number acquisition step 1008. In the serial number acquisition step 1008, the serial 
number of the key table 108 of data congruous with the management table 107 is 
taken out. The serial number taken out by the serial number acquisition step 1008 in 
all the data decryption steps 1009 to all the enciphered data encryption keys, An 
encryption algorithm identifier is taken out and all the data in which the management 
table was enciphered as the data encryption key decoded with the key encryption key 
by the encryption algorithm is decrypted. Return processing is continued to the 
management table searching step 1003. 

[0035]When there is no data which is in agreement with the SQL sentence created at 
the search SQL sentence creation step 1002 in the management table 107, it 
progresses to the key table searching step 1005, the key table 108 is searched, and it 
is investigated whether there is still any line which is in agreement with the hash value 
calculated by the hash value calculation steps 1001. In the key table coincidence data 
check step 1006, the search results of the key table searching step 1005 are judged. 
When there is a line which is in agreement with the hash value calculated by the hash 
value calculation steps 1001, it returns to the search SQL sentence creation step 
1002, and retrieval processing is performed using a new data encryption key. When 
there is no line which is in agreement with the hash value calculated by the hash value 
calculation steps 1001, it progresses to the search-results displaying step 1007. In 
the search-results displaying step 1007, search results are displayed on the screen of 
a client. 

[0036] Next, processing of the search SQL sentence creation step 1002 is explained in 
detail using the flow chart of drawing 1 1 . The search SQL sentence creation step 
1002 consists of the encipherment information acquisition step 1 100 and the 
encryption retrieved data creation step 1 101. The key table 108 is searched with the 
encipherment information acquisition step 1 100, and the data encryption key with 
which the line which is in agreement with the hash value calculated by the hash value 
calculation steps 1001 was enciphered, and the data encryption key which took out 
the encryption algorithm identifier and was enciphered are decoded with a key 
encryption key by it. In the encryption retrieved data creation step 1 101, a search 
condition is enciphered as the decoded data encryption key by an encryption 
algorithm. 

[0037]As a method of searching the database enciphered, it picks out one data at a 
time from the enciphered management table, The method and search condition which 
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investigate whether it is in agreement with a search condition are beforehand 
enciphered with the encryption key, decoding it, and there is a method of searching 
the management table enciphered by the enciphered search condition. In the former 
method, since processing of decoding occurs for every extraction of the data from a 
management table, the retrieval performance of a database is worsened greatly. 
Except that the processing which enciphers a search condition occurs once, the 
almost same retrieval performance as the database which is not enciphered can be 
taken out with the latter method. For this reason, the latter method is excellent in 
realization of search of the enciphered management table at the performance target. 
The latter method was explained in this example. 

[0038]Since the keys used for encryption for every specific data set differed, the data 
encryption key was searched with the data structure of the method of this invention 
from the key table 108 using the hash value of data as a means which picks out the 
key which enciphers a search condition from the key table 108. 
[0039]Drawing 12 shows the update process flow of the data to the encryption 
database which registration and the update control program 1 1 1 perform. A data 
update process, The update information input step 1200, the front [ updating ] data 
search step 1201, the coincidence data check step 1202, the serial number acquisition 
step 1203, the data-after-update encryption step 1204, the updating SQL sentence 
creation step 1205. And it consists of the database register step 1206. In the update 
information input step 1200, a user reads the data before updating inputted from the 
client 100, and the data after updating. The data before updating is searched with the 
data search step 1201 before updating from the management table 107. In the 
coincidence data check step 1202, the result searched with the data search step 1201 
before updating is judged. An update process is ended when there is no data before 
updating searched with the data search step 1201 before updating in the management 
table 107. 

[0040]When the data before updating searched with the data search step 1201 before 
updating is shown in the management table 107, it progresses to the serial number 
acquisition step 1203. In a serial number acquisition step, the serial number of the 
data before updating searched with the data search step 1201 before updating is 
acquired. In the data-after-update encryption step 1204, after calculating the hash 
value of the data after updating, the data after updating is enciphered with a data 
encryption key. A data encryption key is enciphered with a key encryption key. In the 
updating SQL sentence creation step 1205, the SQL sentence of the data to update is 
created using the data after the serial number acquired by the serial number 



22 



Publication JP 11-143780 



acquisition step 1203, and enciphered updating which were created at the 
data-after-update encryption step 1204. In the database register step 1206, the SQL 
sentence in which the updating execution program 124 created the data of the 
management table 107 at the update information SQL sentence creation step 1205 by 
the database management program 110 is performed and updated, The data 
encryption key enciphered as the hash value of the data after renewal of the key table 
108 and an encryption algorithm identifier are updated. 

[0041] Next, processing of the data search step 1201 before updating is explained in 
detail using the flow chart of drawing 13. The data search step 1201 before updating 
consists of the hash value calculation steps 1300, the encryption search condition 
creation step 1301, the management table searching step 1302, and the coincidence 
data check step 1303. In the hash value calculation steps 1300, the search condition 
preparing program 1 15 is started and the hash value of the data before updating is 
calculated. The enciphered data encryption key which starts the search condition 
preparing program 115, searches the key table 108 with the encryption search 
condition creation step 1301, and is in agreement with a hash value, and an encryption 
algorithm identifier are taken out. A data encryption key is decoded with a key 
encryption key, and a search condition is enciphered as the decoded data encryption 
key by the encryption algorithm 116. A retrieval execution program is started and the 
management table 107 is searched with the management table searching step 1302 by 
the SQL sentence enciphered at the encryption search condition creation step 1301. 
In the coincidence data check step 1303, it is investigated whether there is any data 
which is in agreement with the search condition of the SQL sentence created at the 
encryption search condition creation step 1301 to the management table 107. It ends, 
when there is data which is in agreement with the search condition of the SQL 
sentence created at the encryption search condition creation step 1301. 
[0042] When there is no data which is in agreement with the search condition of the 
SQL sentence created at the encryption search condition creation step 1301, the 
another data encryption key and encryption algorithm identifier which are in 
agreement with a hash value and which were enciphered are taken out. The 
enciphered data encryption key is decoded with a key encryption key, a search 
condition is enciphered as the decoded data encryption key by the encryption 
algorithm corresponding to said encryption algorithm identifier, and the management 
table 107 is again searched with the enciphered search condition. 
[0043] Next, processing of the data-after-update encryption step 1204 is explained in 
detail using the flow chart of drawing 14. The data-after-update encryption step 1204 
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consists of the hash value calculation steps 1400, the cryptographic algorithm 
determination step 1401, the data encryption step 1402, and the key encryption step 
1403. The hash value of the data after updating is calculated in the hash value 
calculation steps 1400. In the cryptographic algorithm determination step 1401, the 
enciphered program 120 determines the encryption algorithm used for this encryption. 
The enciphered program 1 20 can have two or more cryptographic algorithms, and he is 
trying to use in it the cryptographic algorithm most newly registered into the 
enciphered program 120 for encryption at the time of registration and updating. In the 
data code step 1402, a data encryption key is created and the data registered into the 
management table 107 is enciphered. In the key encryption step 1403, a data 
encryption key is enciphered with the key encryption key in the key storage area 128. 
[0044] Drawing 15 shows the deletion flow of the data of the encryption database 
which the deletion control program 1 13 performs. Data deletion consists of the 
supersession data input step 1500, the supersession data searching step 1501, the 
coincidence data check step 1502, the serial number acquisition step 1503, the 
deletion SQL sentence creation step 1504, and the database deletion execution step 
1505. In the supersession data input step 1500, a user reads the data which was 
inputted from the client 100 and to delete. Supersession data is searched with the 
supersession data searching step 1501. In the coincidence data check step 1502, it is 
confirmed whether the supersession data searched with the supersession data 
searching step 1501 is shown in the management table 107. Deletion is ended when 
there is no supersession data searched with the supersession data searching step 
1501 in the management table 107. 

[0045]When the supersession data searched with the supersession data searching 
step 1501 is shown in the management table 107, it progresses to the serial number 
acquisition step 1503. In the serial number acquisition step 1503, the serial number of 
the supersession data searched with the supersession data searching step 1501 is 
acquired. In the deletion SQL sentence creation step 1504, a deletion SQL sentence 
is created using the serial number acquired by the serial number acquisition step 1503. 
In the database deletion execution step 1505, the line of the serial number acquired 
from the management table 107 and the key table 108 by the serial number acquisition 
step 1 503 using the deletion SQL sentence created at the deletion SQL sentence 
creation step 1 504 is deleted. It returns to the supersession data searching step 1 501 , 
and processing is continued. 

[0046]As mentioned above, a set of a value with a management table and its table 
specific as a feature of this example (Field) the information (an encryption key and an 
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encryption algorithm identifier.) for the encryption about a line, a sequence, etc. The 
database structure managing confidential information with a key table with the hash 
value of data and the registration processing of the data in the composition, retrieval 
processing, an update process, and deletion were explained. According to this example, 
the safety of the enciphered database can be improved by changing an encryption key 
dynamically at the time of data registration or updating, and another managing the 
information for encryption with a management table using said database structure. It 
is also possible to become possible to use different encryption algorithms for every 
set of the specific value of a management table, and to perform the change of an 
encryption key and an encryption algorithm dynamically during database operation 
further. Therefore, by applying this example, the safety of enough databases is 
securable. 

[0047]Next, the second example of this invention is described. Although this example 
takes the same composition as the first example shown in drawing 1 , the portion which 
updated the data encryption key also at the time of search differs from the first 
example. The retrieval system of the second example is explained using drawing 16. 
Data retrieval processing of the second example, The retrieved data input step 1600, 
the hash value calculation steps 1601, the search SQL sentence creation step 1602, 
the management table searching step 1603, the management table coincidence data 
check step 1604, the key table searching step 1605, It consists of the key table 
coincidence data check step 1606, the search-results displaying step 1607, the serial 
number acquisition step 1608, all the data decryption steps 1609, the key table 
recording step 1610, and the management table recording step 1611. 
[0048]The processing from the retrieved data input step 1600 of drawing 16 t o all the 
data decryption steps 1 609 is equivalent to processing from the retrieved data input 
step 1000 of drawing 10 t o all the data decryption steps 1009, respectively, and 
performs the same processing. In the key table recording step 1610, the data 
encryption key for enciphering the data which was in agreement with the search 
condition is newly created, the data encryption key is enciphered with a key 
encryption key, and it registers with the key table 108 with a serial number and an 
encryption algorithm identifier. In the management table recording step 1611, after 
enciphering the data which was in agreement with the search condition using the data 
encryption key created by the key table recording step 1610 and registering with the 
management table 107, it returns to the management table searching step 1603, and 
search of the management table 107 is continued. 

[0049] In the above, the method which changes an encryption key not only at the time 
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of data registration or updating but at the time of search was explained as the second 
example. According to this example, the safety of the database enciphered in order to 
update an encryption key more frequently than the time of the data registration of the 
first example or updating can be further improved using said database structure by 
changing an encryption key dynamically at the time of data registration, updating, or 
search. 

[0050]Next, the third example of this invention is described. In the first example, when 
a new encryption algorithm was added, it was used promptly. Although this example 
takes the same composition as the first example shown in drawing 1 , the portion which 
specifies an encryption algorithm in a higher rank and enciphered it by the specified 
encryption algorithm differs from the first example. 

[0051]This example is described using drawing 1 . The outline of the registration 
processing of the data enciphered and stored in a database is explained. A user inputs 
the data registered into a database from the client 100, and specifies an encryption 
algorithm identifier. Registration and the update control program 1 1 1 are started, and 
the encryption algorithm identifier specified as the data which was inputted from the 
client 100, and to register is passed to registration and the update control program 
111. Registration and the update control program 1 1 1 pass the data and the 
encryption algorithm identifier which are registered into registration / updating 
preparation program 1 1 7. Registration / updating preparation program 1 1 7 creates a 
serial number by the initial condition preparing program 118, Calculate hash of the 
data registered by the hash value calculation program 119, and the data encryption 
key based on the encryption algorithm identifier specified by the enciphered program 
120 by the client 100 is created, The data registered using this key is enciphered and 
it enciphers with the key encryption key which is in the key storage area 128 by the 
encryption algorithm in which the key enciphered program 121 has that data 
encryption key further. 

[0052] Registration / updating preparation program 1 17 passes the encryption 
algorithm identifier which enciphered a serial number, the hash value of the data 
registered, the enciphered registration data, a data encryption key, and registration 
data to registration and the update control program 111. Registration and the update 
control program 1 1 1 pass these data to registration and the renewal condition 
preparing program 1 22. Registration and the renewal condition preparing program 1 22 
create the SQL sentence for the management table 107 and the key table 108 from 
the passed data, respectively, and passes it to registration and the update control 
program 1 11. Registration and the update control program 1 1 1 pass the SQL sentence 
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created by registration and the renewal condition preparing program 122 to the 
registration execution program 123. The registration execution program 123 using the 
database management program 110 to the management table 107. A serial number and 
the enciphered registration data are registered and the encryption algorithm identifier 
which enciphered a serial number, the hash value of the data registered, a data 
encryption key, and registration data to the key table 108 is registered. 
[0053] Next, the outline of the update process of data in the third example is explained. 
A user specifies the encryption algorithm identifier of the data before updating, the 
data after updating, and the data after updating from the client 100. Registration and 
the update control program 1 1 1 are started, and the parameter inputted from the 
client 100 is passed to registration and the update control program 111. Registration 
and the update control program 1 1 1 pass the data before updating to the data search 
program 114. The data search plug rum 114 enciphers the data before updating by the 
search condition preparing program 115, takes out the serial number of the data 
before updating by a retrieval execution program, and passes it to registration and the 
update control program 111. Registration and the update control program 1 1 1 pass 
the encryption algorithm identifier which enciphers a serial number, the data after 
updating, and the data after updating to registration / updating preparation program 
117. 

[0054] Regi stration / updating preparation program 1 1 7 by a hash value calculation 
program. Calculate the hash value of the data after updating and the data encryption 
key based on the encryption algorithm which enciphers the data after updating 
specified by the enciphered program 120 by the client 100 is created, The data to 
update is enciphered and the key enciphered program 121 enciphers the data 
encryption key further by the encryption algorithm which the key enciphered program 
121 has with the key in the key storage area 128. Registration / updating preparation 
program 117 passes the hash value of the data after updating, the enciphered data, 
the enciphered data encryption key, and an encryption algorithm identifier to 
registration and the update control program 1 11. Registration and the update control 
program 1 1 1 pass a serial number, the hash value of the data after updating, the 
enciphered data, the enciphered data encryption key, and an encryption algorithm 
identifier to registration and the renewal condition preparing program 122. Registration 
and the renewal condition preparing program 122 create the SQL sentence for the 
management table 107 and the key table 108 from the passed data, respectively, and 
passes it to registration and the update control program 111. Registration and the 
update control program 1 1 1 pass the SQL sentence created by registration and the 
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renewal condition preparing program 122 to the updating execution program 124. The 
updating execution program 124 updates the hash value of the data of the 
management table 107, and the data of the key table 108, the enciphered data 
encryption key, and an encryption algorithm identifier using the database management 
program 1 1 0. 

[0055]As explained above, according to the third example, high order application can 
specify an encryption algorithm freely, and can choose an encryption algorithm flexibly. 
[0056]As mentioned above, a data set with a management table and its table specific 
as a feature of this invention (Field) the information (an encryption key and an 
encryption algorithm identifier.) for the encryption about a line, a sequence, etc. The 
database structure managing confidential information with a key table with the hash 
value of data, Registration of the enciphered data in the composition, search, updating, 
deletion, the dynamic updating method of an encryption key, and how to change the 
encryption algorithm under database operation were explained. As a database 
management system which this invention uses, either a relational database or an 
object oriented database is feasible. 

[005 7] An object will be used for the definition of the key table 108 when using an 
object oriented database. The field of a hash algorithm can be added to the key table 
108, and a hash algorithm can also be changed into it for every specific data set with 
an encryption algorithm. 

[0058] According to this invention, the safety of the enciphered database can be 
improved by changing an encryption key dynamically and another managing the 
information for encryption with a management table using said database structure. It 
is also possible to become possible to change into a new encryption algorithm for 
every specific data set, and to perform the change of an encryption key and an 
encryption algorithm dynamically during database operation. Therefore, by applying 
this invention, the safety of enough databases is securable. Also when an encryption 
algorithm still firmer than the future is invented, the algorithm for management data 
codes can be changed to a dynamic more firm method. 
[0059] 

[Effect of the Invention]According to this invention, in the enciphered database, the 
change of an encryption key and an encryption algorithm can be dynamically 
performed during database operation, and a safe confidential information management 
data base with pliability can be created. 
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[Translation done.] 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is a figure showing the composition of one gestalt of operation of the 
confidential information managing system of the database of this invention. 
[Drawing 2] It is a figure for explaining the management table of the database 
enciphered for every field. 

[Drawing 3] It is a figure for explaining the key table of the database enciphered for 
every field. 

[Drawing 4] It is a figure for explaining the management table of the database 
enciphered for every line. 

[Drawing 5] It is a figure for explaining the key table of the database enciphered for 
every line. 

[Drawing 6] It is a figure for explaining the management table of the database 
enciphered for every sequence. 

[Drawing 7] It is a figure for explaining the key table of the database enciphered for 
every sequence. 

[Drawing 8] It is a flow chart explaining the procedure of the data registration of a 
database performed by this invention. 

[Drawing 9] It is a flow chart explaining the procedure of registration / updating 
preparation program at the time of the data registration of a database performed by 
this invention. 

[Drawing 10] It is a flow chart explaining the procedure of the data retrieval of a 
database performed by this invention. 

[Drawing 1 1] It is a flow chart explaining the procedure of the search condition 
preparing program at the time of the data retrieval of a database performed by this 
invention. 

[Drawing 12] It is a flow chart explaining the procedure of the renewal of data of a 
database performed by this invention. 

[Drawing 13] It is a flow chart explaining the procedure of the data search program at 
the time of the renewal of data of a database performed by this invention. 
[Drawing 14] It is a flow chart explaining the procedure of registration / updating 
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preparation program at the time of the renewal of data of a database performed by 
this invention. 

[Drawing 15] It is a flow chart explaining the procedure of the data deletion of a 
database performed by this invention. 

[Drawing 16]It is a flow chart explaining the procedure of the data retrieval 
accompanied by the encryption key of a database and change of an encryption 
algorithm which are made by this invention. 
[Description of Notations] 

100 Client 

101 LAN 

1 02 LAN adapter 

103 Server 

104 CPU 

105 Bus 

1 06 Magnetic disk drive 

1 07 Management table 

108 Key table 

109 Main memory 

1 1 0 Database management program 

1 1 1 Registration and an update control program 

1 1 2 Search control program 

1 13 Deletion control program 

1 1 4 Data search program 

1 15 Search condition preparing program 

1 16 Retrieval execution program 

1 1 7 Registration / updating preparation program 

1 18 Initial condition preparing program 

1 19 Hash value calculation program 

120 Enciphered program 

121 Key enciphered program 

122 Registration and a renewal condition preparing program 

123 Registration execution program 

124 Updating execution program 

1 25 Key acquisition program 

126 Deletion-conditions preparing program 

127 Deletion execution program 
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1 28 Key storage area 

[Translation done.] 



